A system and method for accessing and identifying the security parameters of a device in an information handling system is disclosed. A device in a computer system may operate according to a defined security protocol, and multiple security protocols may exist across the devices of the system. In operation, a configuration capability is defined within the PCI Express communications protocol. This capability includes a capabilities data structure through which parameters concerning the security parameters of the device may be identified and passed to a processor.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. An information handling system, comprising: a processor; one or more devices coupled directly or indirectly to the processor, wherein the one or more devices are able to communicate with the processor according to a communications protocol, wherein the one or more devices are security-enabled; wherein the communications protocol includes, for each of the one or more devices, an identification of at least one security parameter; wherein the at least one security parameter comprises at least a security protocol of the one or more devices, wherein the at least one security parameter further comprises an identification of whether a password related to the device is cryptographically wrapped; wherein the at least one security parameter is within one or more base address registers of at least one of a capability structure of a plurality of capability structures of the PCI Express communications protocol; wherein the one or more base address registers enable access to a security layer of at least one of the one or more devices so that at least one of the one or more processors can enable or disable an input/output security layer of the at least one of the one or more devices; wherein each of the plurality of capability structures comprises a unique identifier and a capability identifier, wherein the capability identifier associated with the at least one of the one or more devices is shared with and used by one or more other devices; wherein the plurality of capability structures form a linked list; wherein each of the plurality of capability structures includes a next capability pointer entry that points to at least one other of the plurality of capability structures; and wherein the security protocol of the device is a Trusted Platform Module supported by the at least one capability structure.
An information handling system includes a processor and security-enabled devices that communicate using a protocol like PCI Express. The system identifies device security parameters, such as the security protocol (e.g., Trusted Platform Module) and whether the device password is encrypted. This security information resides in base address registers within capability structures, part of the PCI Express protocol. These registers enable processor access to the device's security layer, allowing it to enable or disable I/O security. Capability structures have unique and shared identifiers, forming a linked list using "next capability pointer" entries. This linked list is used to support the Trusted Platform Module security protocol of the device.
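The linked-list lookup described above, as an added C example that is not code from the patent or its assignee. The status bit, capabilities pointer and ID/next-pointer bytes follow the standard PCI configuration space layout; the capability ID 0x7E, the protocol code and the field offsets inside the security capability are hypothetical, and the configuration space contents are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CFG_SIZE        256  /* conventional PCI configuration space */
#define PCI_STATUS      0x06 /* bit 4 set: device has a capability list */
#define PCI_CAP_PTR     0x34 /* offset of the first capability */
#define MAX_HOPS        48   /* (256 - 64) / 4 dword-aligned slots */
#define HYP_CAP_ID_SEC  0x7E /* hypothetical ID, not from the patent */
#define HYP_PROTO_TPM   0x01 /* hypothetical protocol code */

struct sec_params { uint8_t offset, protocol; int pw_enabled, pw_wrapped; };

/* 0 = found, -1 = no security capability, -2 = malformed list */
int find_security_cap(const uint8_t *cfg, struct sec_params *out)
{
    if (!(cfg[PCI_STATUS] & 0x10))
        return -1;
    uint8_t pos = cfg[PCI_CAP_PTR] & 0xFC;      /* low two bits reserved */
    for (int hops = 0; pos != 0; hops++) {
        /* Device-controlled pointer: reject loops and header overlap. */
        if (hops >= MAX_HOPS || pos < 0x40)
            return -2;
        if (cfg[pos] == HYP_CAP_ID_SEC) {       /* byte 0: capability ID */
            out->offset = pos;
            out->protocol = cfg[pos + 2];       /* assumed layout */
            out->pw_enabled = cfg[pos + 3] & 0x01;
            out->pw_wrapped = (cfg[pos + 3] >> 1) & 0x01;
            return 0;
        }
        pos = cfg[pos + 1] & 0xFC;              /* byte 1: next pointer */
    }
    return -1;
}

/* Constructed sample: PM (0x01) -> PCIe (0x10) -> security capability. */
void build_sample(uint8_t *cfg, int looped)
{
    memset(cfg, 0, CFG_SIZE);
    cfg[PCI_STATUS] = 0x10;
    cfg[PCI_CAP_PTR] = 0x40;
    cfg[0x40] = 0x01; cfg[0x41] = 0x50;
    cfg[0x50] = 0x10; cfg[0x51] = looped ? 0x40 : 0x60;
    cfg[0x60] = HYP_CAP_ID_SEC; cfg[0x61] = 0x00;
    cfg[0x62] = HYP_PROTO_TPM;  cfg[0x63] = 0x03; /* enabled + wrapped */
}

int main(void)
{
    uint8_t cfg[CFG_SIZE];
    struct sec_params p = {0};
    build_sample(cfg, 0);
    int rc = find_security_cap(cfg, &p);
    printf("rc=%d offset=0x%02x proto=%u wrapped=%d\n",
           rc, p.offset, p.protocol, p.pw_wrapped);
    build_sample(cfg, 1);
    printf("looped list rc=%d\n", find_security_cap(cfg, &p));
    return 0;
}
```

Because the next capability pointers come from the device, the walker bounds the hop count and rejects pointers into the standard header instead of trusting the list to terminate.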
2. The information handling system of claim 1, wherein the communications protocol is PCI Express.
The information handling system described previously uses PCI Express as the communications protocol between the processor and security-enabled devices. The system identifies device security parameters, such as the security protocol (e.g., Trusted Platform Module) and whether the device password is encrypted. This security information resides in base address registers within capability structures, part of the PCI Express protocol. These registers enable processor access to the device's security layer, allowing it to enable or disable I/O security. Capability structures have unique and shared identifiers, forming a linked list using "next capability pointer" entries. This linked list is used to support the Trusted Platform Module security protocol of the device.
3. The information handling system of claim 2, wherein the at least one security parameter of each of the one or more devices is stored in a header associated with a configuration space of the PCI Express communications protocol.
Using PCI Express as the communications protocol, the information handling system from the previous description stores the security parameters of each device (like security protocol and password encryption status) in a header associated with the configuration space of the PCI Express protocol. The system identifies device security parameters, such as the security protocol (e.g., Trusted Platform Module) and whether the device password is encrypted. This security information resides in base address registers within capability structures, part of the PCI Express protocol. These registers enable processor access to the device's security layer, allowing it to enable or disable I/O security. Capability structures have unique and shared identifiers, forming a linked list using "next capability pointer" entries. This linked list is used to support the Trusted Platform Module security protocol of the device.
4. The information handling system of claim 1, wherein the at least one security parameter is an identification of whether the one or more devices are password-enabled.
The information handling system described previously identifies whether the devices are password-enabled as a security parameter. This system includes a processor and security-enabled devices that communicate using a protocol like PCI Express. The system identifies device security parameters, such as the security protocol (e.g., Trusted Platform Module) and whether the device password is encrypted. This security information resides in base address registers within capability structures, part of the PCI Express protocol. These registers enable processor access to the device's security layer, allowing it to enable or disable I/O security. Capability structures have unique and shared identifiers, forming a linked list using "next capability pointer" entries. This linked list is used to support the Trusted Platform Module security protocol of the device.
5. The information handling system of claim 1, wherein the at least one security parameter is an address of the security password for the one or more devices.
The information handling system described previously uses the address of the device's security password as a security parameter. This system includes a processor and security-enabled devices that communicate using a protocol like PCI Express. The system identifies device security parameters, such as the security protocol (e.g., Trusted Platform Module) and whether the device password is encrypted. This security information resides in base address registers within capability structures, part of the PCI Express protocol. These registers enable processor access to the device's security layer, allowing it to enable or disable I/O security. Capability structures have unique and shared identifiers, forming a linked list using "next capability pointer" entries. This linked list is used to support the Trusted Platform Module security protocol of the device.
6. The information handling system of claim 1, wherein the at least one security parameter is a format of the security password for the one or more devices.
The information handling system described previously uses the format of the device's security password as a security parameter. This system includes a processor and security-enabled devices that communicate using a protocol like PCI Express. The system identifies device security parameters, such as the security protocol (e.g., Trusted Platform Module) and whether the device password is encrypted. This security information resides in base address registers within capability structures, part of the PCI Express protocol. These registers enable processor access to the device's security layer, allowing it to enable or disable I/O security. Capability structures have unique and shared identifiers, forming a linked list using "next capability pointer" entries. This linked list is used to support the Trusted Platform Module security protocol of the device.
7. A method for providing a security parameter for one or more devices, comprising: storing in a data structure associated with each of the one or more devices a security parameter that is associated with a security protocol of each of the one or more devices, wherein the one or more devices are security-enabled, and wherein the data structure is referenced in a header corresponding to a communications protocol of each of the one or more devices; accessing at least one of the one or more devices to retrieve the security parameter from the data structure of the device; wherein the at least one security parameter of the device is indicative of the security protocol of the device; wherein the at least one security parameter is further indicative of whether a password related to the device is cryptographically wrapped; wherein the at least one security parameter is within one or more base address registers of a capability structure of a plurality of capability structures of the PCI Express communications protocol; enabling access to a security layer of at least one of the one or more devices such that an input/output security layer of the at least one of the one or more devices can be enabled or disabled; wherein each of the plurality capability structures comprises a unique identifier and a capability identifier; wherein the capability identifier associated with the at least one of the one or more devices is shared with and used by one or more other devices; wherein the plurality of capability structures form a linked list; wherein each of the plurality of capability structures includes a next capability pointer entry that points to at least one other of the plurality of capability structures; and wherein the security protocol of the device is a Trusted Platform Module supported by the at least one capability structure.
A method for providing security parameters for devices involves storing, in a data structure associated with each security-enabled device, a security parameter linked to the device's security protocol (e.g., Trusted Platform Module). The data structure is referenced in a header corresponding to a communications protocol like PCI Express. Accessing the device retrieves the security parameter, which indicates the device's security protocol and whether the password is encrypted. This security information resides in base address registers within a PCI Express capability structure, enabling access to the device's security layer for enabling/disabling I/O security. Capability structures have unique/shared identifiers, forming a linked list with "next capability pointer" entries, supporting the Trusted Platform Module.
8. The method for providing a security parameter for the one or more devices of claim 7, wherein the communications protocol is PCI Express.
In the method described previously for providing security parameters, PCI Express is used as the communications protocol between the processor and security-enabled devices. A data structure associated with each security-enabled device stores a security parameter linked to the device's security protocol (e.g., Trusted Platform Module). The data structure is referenced in a header corresponding to PCI Express. Accessing the device retrieves the security parameter, which indicates the device's security protocol and whether the password is encrypted. This security information resides in base address registers within a PCI Express capability structure, enabling access to the device's security layer for enabling/disabling I/O security. Capability structures have unique/shared identifiers, forming a linked list with "next capability pointer" entries, supporting the Trusted Platform Module.
9. The method for providing a security parameter for the one or more devices of claim 7, wherein the data structure is within a configuration space of the PCI Express communications protocol.
In the method described previously for providing security parameters, the data structure containing the security parameter is within the PCI Express configuration space. A data structure associated with each security-enabled device stores a security parameter linked to the device's security protocol (e.g., Trusted Platform Module). The data structure is referenced in a header corresponding to PCI Express. Accessing the device retrieves the security parameter, which indicates the device's security protocol and whether the password is encrypted. This security information resides in base address registers within a PCI Express capability structure, enabling access to the device's security layer for enabling/disabling I/O security. Capability structures have unique/shared identifiers, forming a linked list with "next capability pointer" entries, supporting the Trusted Platform Module.
10. The method for providing a security parameter for the one or more devices of claim 7, wherein the security parameter is indicative of a password associated with each of the one or more devices and the security protocol for each of the one or more devices.
This invention relates to a method for providing a security parameter for one or more devices, addressing the need for secure authentication and communication protocols in device networks. The method involves generating a security parameter that includes both a password and a security protocol for each device. The password serves as an authentication credential, while the security protocol defines the rules and mechanisms for secure communication, such as encryption standards or access control methods. This ensures that each device operates with a unique or shared security configuration, depending on the network requirements. The method may also involve dynamically updating the security parameter in response to changes in device status, network conditions, or security threats. By integrating password-based authentication with protocol-specific security measures, the invention enhances the overall security posture of the device network, preventing unauthorized access and ensuring data integrity. The approach is particularly useful in environments where multiple devices must maintain secure interactions, such as IoT networks, industrial control systems, or cloud-based device management platforms. The method may be implemented in a centralized security management system or distributed across individual devices, depending on the deployment scenario.
11. A computer system, comprising: a processor; a plurality of devices, wherein the processor is operable to access the devices and wherein the devices operate according a PCI Express communications protocol, wherein the plurality of devices are security-enabled; wherein each device is associated with a data structure that is consistent with the PCI Express communications protocol and wherein the data structure identifies at least one security parameter associated with the device; wherein the at least one security parameter of the device comprises at least a security protocol of the device; wherein the at least one security parameter further comprises an identification of whether a password related to the device is cryptographically wrapped; wherein the at least one security parameter is within one or more base address registers of a capability structure of a plurality of capability structures of the PCI Express communications protocol; wherein the one or more base address registers enable access to a security layer of at least one of the devices so that at least one of the one or more processors can enable or disable an input/output security layer of the at least one of the devices; wherein each of the plurality of capability structures comprises a unique identifier and a capability identifier, wherein the capability identifier associated with the at least one of the devices is shared with and used by one or more other devices; wherein the plurality of capability structures form a linked list; wherein each of the plurality of capability structures includes a next capability pointer entry that points to at least one other of the plurality of capability structures; wherein the security protocol of the device is a Trusted Platform Module supported by the at least one capability structure.
A computer system includes a processor and security-enabled devices that use the PCI Express protocol. Each device has a data structure (consistent with PCI Express) identifying at least one security parameter, including the device's security protocol (e.g., Trusted Platform Module) and whether its password is encrypted. This security information resides in base address registers within capability structures, part of the PCI Express protocol. These registers enable processor access to the device's security layer, allowing it to enable or disable I/O security. Capability structures have unique/shared identifiers, forming a linked list with "next capability pointer" entries, supporting the Trusted Platform Module.
12. The computer system of claim 11, wherein the data structure is within a configuration space of the PCI Express communications protocol.
The computer system from the previous description uses a data structure within the PCI Express configuration space to store security parameters. The system includes a processor and security-enabled devices that use the PCI Express protocol. Each device has a data structure (consistent with PCI Express) identifying at least one security parameter, including the device's security protocol (e.g., Trusted Platform Module) and whether its password is encrypted. This security information resides in base address registers within capability structures, part of the PCI Express protocol. These registers enable processor access to the device's security layer, allowing it to enable or disable I/O security. Capability structures have unique/shared identifiers, forming a linked list with "next capability pointer" entries, supporting the Trusted Platform Module.
13. The computer system of claim 11, wherein the at least one security parameter identifies whether the devices are associated with a security password.
In the computer system described previously, the security parameter identifies whether the devices are associated with a security password. The system includes a processor and security-enabled devices that use the PCI Express protocol. Each device has a data structure (consistent with PCI Express) identifying at least one security parameter, including the device's security protocol (e.g., Trusted Platform Module) and whether its password is encrypted. This security information resides in base address registers within capability structures, part of the PCI Express protocol. These registers enable processor access to the device's security layer, allowing it to enable or disable I/O security. Capability structures have unique/shared identifiers, forming a linked list with "next capability pointer" entries, supporting the Trusted Platform Module.
14. The computer system of claim 11, wherein the at least one security parameter identifies whether a password associated with the devices are cryptographically wrapped.
In the computer system described previously, the security parameter identifies whether a password associated with the devices is cryptographically wrapped. The system includes a processor and security-enabled devices that use the PCI Express protocol. Each device has a data structure (consistent with PCI Express) identifying at least one security parameter, including the device's security protocol (e.g., Trusted Platform Module) and whether its password is encrypted. This security information resides in base address registers within capability structures, part of the PCI Express protocol. These registers enable processor access to the device's security layer, allowing it to enable or disable I/O security. Capability structures have unique/shared identifiers, forming a linked list with "next capability pointer" entries, supporting the Trusted Platform Module.
January 16, 2009
July 18, 2017